DETAILED ACTION

1. This Office action is responsive to the following communication: Request for Continued 
Examination filed on 4 June 2008. 

2. Claims 1-21 and 24-28 are pending and present for examination. 

Continued Examination Under 37 CFR 1.114 

3. A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 
1.17(e), was filed in this application after final rejection. Since this application is eligible for continued 
examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant's 
submission filed on 4 June 2008 has been entered. 

Response to Amendment 

4. Claims 1, 9, and 16 have been amended. 

5. No claims have been further cancelled.

6. No claims have been newly added. 

Claim Rejections - 35 USC § 101

7. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and
requirements of this title.

8. As per the claim rejections under 35 U.S.C. 101, Applicant's amendment has been acknowledged. 
Accordingly the rejections have been withdrawn. 
Claim Rejections - 35 USC § 103

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness
rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art
are such that the subject matter as a whole would have been obvious at the time the invention was made to a
person having ordinary skill in the art to which said subject matter pertains. Patentability shall not be
negatived by the manner in which the invention was made.

10. Claims 1-3, 6, 8-11, 14, 16-18, 21, and 24-28 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Pisello et al (U.S. Patent No. 5,495,607, hereinafter referred to as PISELLO), filed on
November 15, 1993, and issued on February 27, 1996, in view of Stupek, Jr. et al (U.S. Patent No.
5,586,304, hereinafter referred to as STUPEK), filed on 8 September 1994, and issued on 17 December
1996, and in further view of Schmidt et al (U.S. Patent No. 6,535,894, hereinafter referred to as
SCHMIDT), filed on 1 June 2000, and issued on 18 March 2003.

11. As per independent claims 1, 9 and 16, PISELLO, in combination with STUPEK and SCHMIDT,
discloses:

A computer implemented method for gleaning file attributes independently of file format, 
the method comprising the steps of: 

a non-application-specific file attribute manager receiving a plurality of files in a 
plurality of formats {See PISELLO, col. 13, lines 14-19, wherein this reads over "a domain-wide
status-monitor . . . periodically scan[s]"};

the file attribute manager scanning the plurality of received files in the plurality of 
formats {See PISELLO, col. 13, lines 14-19, wherein this reads over "a domain-wide status-monitor
. . . periodically scan[s]"};

the file attribute manager gleaning attributes from each of the plurality of scanned 
files in the plurality of formats {See PISELLO, col. 13, lines 48-51, wherein this reads over "to
collect the file identifying information stored at a given scan time"; and col. 15, lines 36-51, wherein
this reads over "searchable database fields preferably include: . . . FileName; PathName"};

the file attribute manager storing the file attributes gleaned from each of the plurality 
of scanned files as a plurality of records in a database {See PISELLO, col. 13, lines 51-56,
wherein this reads over "to integrate the collected information into the domain-wide virtual
catalog"};

the file attribute manager indexing specific file attributes gleaned from specific files 
according to contents of the specific files, the specific file attributes being stored 
as ones of the plurality of records in the database {See PISELLO, col. 14, lines 16-19,
wherein this reads over "Table 2 which shows an example of what might be displayed . . . [from] the
domain administrating data/rule base"};

Application/Control Number: 10/645,989
Art Unit: 2161

examining one of the plurality of files {See PISELLO, col. 13, lines 14-19, wherein this reads over
"a domain-wide status-monitor . . . periodically scan[s]"; and col. 13, lines 48-51, wherein this reads
over "to collect the file identifying information stored at a given scan time"; and col. 15, lines 36-51,
wherein this reads over "searchable database fields preferably include: . . . FileName; PathName"};

retrieving from the plurality of records in the database at least one record associated 
with the examined one of the plurality of files {See STUPEK, C3:L64-67, wherein this
reads over "the upgrade advisor retrieves information about the MIB 5 from a server database 13
located in the server manager"; and C4:L2-26, wherein this reads over "the upgrade database may
also contain information about a resource (e.g., a driver) which is not recognized by the server
manager. In this situation, the upgrade advisor places information about the resource (e.g., name,
version number) into a driver table 32 in the MIB 5. An agent 21 of the server manager located in the
server uses this information to search for the resource (i.e., to see if the resource has been installed
on the network). If so, the server manager creates entries for the resource in the server database"};

analyzing the gleaned attributes gleaned from examined one of the plurality of files, 
the gleaned file attributes having been retrieved from the at least one record 
associated with the examined one of the plurality of files {See STUPEK, C4:L5-13,
wherein this reads over "the upgrade advisor 11 retrieves information about the MIB 5 from a server
database 13 located in the server manager. The server database 13 tells the upgrade advisor 11 the
location of each piece of information contained in the MIB. The upgrade advisor 11 supplies the
location information to a data retriever 15, which uses it to retrieve from the MIB 5 data (MIB data)
about the network resources 3. The upgrade advisor 11 then retrieves upgrade information from the
upgrade database 9 and performs two types of comparisons: a) whether or not a particular upgrade
package corresponds to a resource on the server, and b) whether or not the version number of the
upgrade package matches the version number of the corresponding network resource (i.e., whether
or not the upgrade package represents a true upgrade for the existing network resource)"}; and

determining whether a status of the examined one of the plurality of files is malicious 
{See SCHMIDT, C9:L53-64, wherein this reads over "a digital signature" and "the JAR archive file 410
must be signed"}; responsive to analyzing the gleaned file attributes {See STUPEK, C13-20,
wherein this reads over "If the upgrade applies to a resource on the server and if the upgraded
and current versions of the network resource do not match, the upgrade advisor 11 uses additional
information from the upgrade database 9 to analyze the level of severity of the upgrade, i.e., to
determine the importance of the upgrade to the efficient operation of the server."}.

While PISELLO fails to expressly disclose the method step of analyzing gleaned attributes and
thereafter determining a status, the prior art of STUPEK discloses a method wherein information is
retrieved from a database, and said information is summarily compared with upgrade information to
determine whether an upgrade is necessary. That is, the prior art of STUPEK discloses a method wherein
file attributes such as the name, version number, and a timestamp, which have been gleaned from a file,
are compared and verified. The combination of inventions disclosed in PISELLO and STUPEK would
disclose a method comprising of examining a file, analyzing the gleaned attributes concerning the file
with records retrieved from the database (e.g. upgrade information), and determining the status of the
file (i.e. whether or not the versions match). Therefore, it would have been obvious to one of ordinary
skill in the art at the time the invention was made to modify the above invention suggested by PISELLO 
by combining it with the invention disclosed by STUPEK. 

One of ordinary skill in the art would have been motivated to do this modification so malicious or 
illegitimate files are blocked from entering the computer, from executing, and from performing certain 
functions while executing. 

Additionally, while the combination of PISELLO and STUPEK may fail to expressly disclose the 
method step of determining whether a file is malicious, the prior art of SCHMIDT discloses a method for 
incrementally updating files wherein digital signatures are used to verify the authenticity of said files. 
The combination of inventions disclosed in PISELLO, STUPEK, and SCHMIDT would disclose a method
wherein the digital signature (i.e. the attribute) is gleaned from the files such that the digital signature is 
used to verify whether the file is malicious or not. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to modify the above invention suggested by 
the combination of PISELLO and STUPEK by combining it with the invention as disclosed by SCHMIDT. 

One of ordinary skill in the art would have been motivated to do this modification so that gleaned 
attributes may be used to verify the authenticity of a file. 

12. As per dependent claims 2, 10, and 17, PISELLO, in combination with STUPEK and 
SCHMIDT, discloses: 

A method wherein specific types of file attributes are gleaned from a specific file 
as a function of a protocol according to which the file is transmitted {See PISELLO, Table 2,
wherein this includes the file-server name under the column labeled "File_Source" and the sender name under
the column labeled "By"}.

13. As per dependent claims 3, 11, and 18, PISELLO, in combination with STUPEK and SCHMIDT,
discloses:

A method wherein specific types of file attributes are gleaned from a specific file
as a function of a format of the file {See PISELLO, col. 15, lines 46-51, wherein this reads over
"Novell-defined attributes"}.

14. As per dependent claims 6, 14, and 21, PISELLO, in combination with STUPEK and
SCHMIDT, discloses:

A method further comprising the file attribute manager receiving a plurality of 
copies of a selected file of the plurality of files, and the file attribute manager storing 
each of the plurality of copies as a separate record in the plurality of records, each 
separate record indexed according to the contents of the selected file of the plurality of 
files, such that the each separate record can be accessed by the single index {See PISELLO,
Table 2; and col. 14, lines 62-64, wherein this reads over "the same file name may appear multiple times in the
listing of Table 2, even with identical path names (e.g., 'Dave.doc')"}.

15. As per dependent claim 8, PISELLO, in combination with STUPEK and SCHMIDT, discloses: 

The method wherein the non-application-specific file attribute manager is 
incorporated into one selected from the group consisting of: 

A firewall;
An intrusion detection system;
An intrusion detection system application proxy;
A router;
A switch;
A standalone proxy;
A server; {See PISELLO, col. 13, lines 14-15, wherein this reads over "domain-wide status-monitor
and control program is installed in the domain administrating server"}.
A gateway;
An anti-virus detection system; and
A client.

Additionally, the claim limitation optionally recites a method wherein the attribute
manager is incorporated into a selected entity. For the purposes of this examination, a server
will be considered the selected entity, and the remaining entities will not be given further
consideration, nor will prior art be applied in said consideration.

16. As per dependent claim 24, PISELLO, in combination with STUPEK and SCHMIDT, discloses a 
method of blocking a file upon the determination that the received file is malicious {See STUPEK, C8:L30-48}.

While PISELLO fails to expressly disclose a method wherein a file is blocked upon a maliciousness 
determination, STUPEK discloses a method wherein if an upgrade is not applicative, the upgrade is not 
included within the upgrade package. The combination of inventions disclosed in PISELLO and STUPEK 
would disclose a method comprising of blocking the file upon the determination that the received file is 
malicious (i.e. the package object retrieves comparison results and combines them to determine package
status (i.e., whether or not the package applies to the server, and whether the package needs to be
upgraded on the server)). Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify the above invention suggested by PISELLO by combining it with 
the invention disclosed by STUPEK and SCHMIDT. 

One of ordinary skill in the art would have been motivated to do this modification such that files 
which are not legitimate are blocked from entering the server, from executing, and from performing 
certain functions while executing. 

17. As per dependent claim 25, PISELLO, in combination with STUPEK and SCHMIDT, discloses a 
method of not blocking the file upon the determination that the received file is legitimate {See STUPEK,
C8:L30-48}.

While PISELLO fails to expressly disclose a method wherein a file is blocked upon a maliciousness 
determination, STUPEK discloses a method wherein if an upgrade is applicative, the upgrade is included 
within the upgrade package. The combination of inventions disclosed in PISELLO and STUPEK would 
disclose a method comprising of allowing the file upon the determination that the received file is 
legitimate (i.e. the package object retrieves comparison results and combines them to determine package
status (i.e., whether or not the package applies to the server, and whether the package needs to be
upgraded on the server)). Therefore, it would have been obvious to one of ordinary skill in the art at the
time the invention was made to modify the above invention suggested by PISELLO by combining it with 
the invention disclosed by STUPEK and SCHMIDT. 

One of ordinary skill in the art would have been motivated to do this modification such that files 
which are not legitimate are allowed to enter the server, execute, and perform certain functions while 
executing. 

18. As per dependent claim 26, PISELLO, in combination with STUPEK and SCHMIDT, discloses a 
method for applying a rule specifying how to use gleaned file attributes to process the file {See STUPEK,
C13-20, wherein this reads over "If the upgrade applies to a resource on the server and if the upgraded and current versions of the
network resource do not match, the upgrade advisor 11 uses additional information from the upgrade database 9 to analyze the
level of severity of the upgrade, i.e., to determine the importance of the upgrade to the efficient operation of the server."}.

The combination of inventions disclosed in PISELLO and STUPEK would disclose a method 
comprising applying a rule specifying how to use gleaned file attributes to process a file. Therefore, it
would have been obvious to one of ordinary skill in the art at the time the invention was made to modify
the above invention suggested by PISELLO by combining it with the invention disclosed by STUPEK and 
SCHMIDT. 

One of ordinary skill in the art would have been motivated to do this modification in order to 
determine the legitimacy of a file by analyzing and processing the gleaned attributes according to a set 
rule. 

19. As per dependent claim 27, PISELLO, in combination with STUPEK and SCHMIDT, discloses a 
method for determining a rule to apply specifying how to use gleaned file attributes to process the file
{See STUPEK, C13-20, wherein this reads over "If the upgrade applies to a resource on the server and if the upgraded and current
versions of the network resource do not match, the upgrade advisor 11 uses additional information from the upgrade database 9 to 
analyze the level of severity of the upgrade, i.e., to determine the importance of the upgrade to the efficient operation of the 
server."}. 

While PISELLO fails to expressly disclose a method for determining a rule to apply specifying how
to use gleaned file attributes to process the file, the prior art of STUPEK discloses a method wherein the 
upgrade manager performs comparisons on the attributes of the file, specifically the version number. The 
combination of inventions disclosed in PISELLO and STUPEK would disclose a method comprising of 
determining at least one of a plurality of rules to apply to a file. Therefore, it would have been obvious 
to one of ordinary skill in the art at the time the invention was made to modify the above invention 
suggested by PISELLO by combining it with the invention disclosed by STUPEK and SCHMIDT. 

One of ordinary skill in the art would have been motivated to do this modification so that 
upon the failure or passage of a file in a rule, further gleaned attributes may be checked to 
determine the legitimacy of a file. 
20. As per dependent claim 8, PISELLO, in combination with STUPEK and SCHMIDT, discloses:

The method of claim 1, wherein the plurality of files are received from a network
connection {See STUPEK, Figures 1, 2, 6, and 11}. 

21. Claims 4, 12, and 19 are rejected under 35 U.S.C. 103(a) as being unpatentable over PISELLO, 
in view of STUPEK and SCHMIDT, and in further view of Fischer (U.S. Patent No. 5,694,569, hereinafter
referred to as FISCHER), filed on June 5, 1995, and issued on December 2, 1997. 

PISELLO, STUPEK, and SCHMIDT disclose the limitations of claims 1-3, 6, 8-11, 14, 16-18, and 
21 for the reasons stated above. 

PISELLO, STUPEK, and SCHMIDT differ from the claimed invention in that they fail to disclose a 
method further comprising the file attribute manager indexing attributes being stored by using a secure 
hash of the contents of that file (claims 4, 12, and 19). 

22. As per dependent claims 4, 12, and 19, PISELLO, in combination with STUPEK, SCHMIDT, and
FISCHER, discloses a method further comprising the file attribute manager indexing attributes being 
stored as a record in the database concerning a specific file according to a secure hash of the contents of 
that file {See FISCHER, col. 1, lines 40-50, wherein this reads over "file integrity may be protected by taking a one-way hash over
the contents of the file. By implementing and checking a currently computed hash value, with a previously stored hash value"}. 

The combination of inventions disclosed in PISELLO, STUPEK, and FISCHER would disclose a 
method wherein the file attribute manager would index attributes in a database according to a secure 
hash, by using a secure hash algorithm (SHA), of the contents of that file. Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify the above 
invention suggested by PISELLO by combining it with the invention disclosed by STUPEK, SCHMIDT, and 
FISCHER. 

One of ordinary skill in the art would have been motivated to do this modification so that the 
records may be indexed securely and subsequently retrieved by a blocking system. 
23. Claims 5, 13, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable over PISELLO,
in view of STUPEK and SCHMIDT, and in further view of Baker (USPGPUB No. 2003/0233352, hereinafter
referred to as BAKER), filed on March 19, 2003, claiming priority to March 21, 2002, and published on 
December 18, 2003. 

PISELLO, STUPEK, and SCHMIDT disclose the limitations of claims 1-3, 6, 8-11, 14, 16-18, and 
21 for the reasons stated above. 

PISELLO, STUPEK, and SCHMIDT differ from the claimed invention in that they fail to 
disclose a method further comprising the file attribute manager indexing attributes according to a 
cyclical redundancy check of the contents of that file (claims 5, 13, and 20). 

24. As per dependent claims 5, 13, and 20, PISELLO, in combination with STUPEK, SCHMIDT, 
and BAKER, discloses a method further comprising the file attribute manager indexing attributes being 
stored as a record in the database concerning a specific file according to a cyclical redundancy check of 
the contents of that file {See BAKER, Para. 0005, wherein this reads over "[t]he controller may be further programmed ... to
determine a cyclical redundancy check of the file"}. 

While PISELLO fails to expressly disclose a method of utilizing a CRC on the contents of a file,
BAKER discloses a means for applying a CRC on the file for validation purposes. The combination of 
inventions disclosed in PISELLO, STUPEK, SCHMIDT, and BAKER would disclose a method wherein the file 
attribute manager would index attributes in a database according to a cyclical redundancy check of the 
contents of that file. Therefore, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to modify the above invention suggested by PISELLO by combining it with the
invention disclosed by STUPEK, SCHMIDT, and BAKER. 

One of ordinary skill in the art would have been motivated to do this modification so that the 
records may be indexed securely and subsequently retrieved by a blocking system. 

25. Claims 7, 15, and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over PISELLO, 
in view of STUPEK and SCHMIDT, and in further view of Chino et al (USPGPUB 2002/0046207), filed on 
June 25, 2001, and published on April 18, 2002. 
PISELLO, STUPEK, and SCHMIDT disclose the limitations of claims 1-3, 6, 8-11, 14, 16-18, and
21 for the reasons stated above. 

PISELLO, STUPEK, and SCHMIDT differ from the claimed invention in that they fail to disclose a 
method which deletes records from the database after the records have been stored for a specific period 
of time (claims 7, 15, and 22). 

26. As per dependent claims 7, 15, and 22, PISELLO, in combination with STUPEK, SCHMIDT, 
and CHINO, discloses a method further comprising of deleting records from the database after the 
records have been stored for a specific period of time {See CHINO, Para. 0060, wherein this reads over "location
information collector determines whether a predetermined time, e.g. two hours, has passed since the record of the current
location registered in the respective tables of the location information storage was collected, and sequentially deletes those records
with a predetermined time elapsed"}.

While PISELLO fails to expressly disclose a method of purging files, CHINO discloses a method of 
purging records when a predetermined time has elapsed. The combination of inventions disclosed in 
PISELLO, STUPEK, SCHMIDT, and CHINO would disclose a method comprising of deleting records with a 
predetermined time elapsed. Therefore, it would have been obvious to one of ordinary skill in the art at 
the time the invention was made to modify the above invention suggested by PISELLO by combining it 
with the invention disclosed by STUPEK, SCHMIDT, and CHINO. 

One of ordinary skill in the art would have been motivated to do this modification so that 
the database is kept current and free of obsolete records. 

Response to Arguments 

27. Applicant's arguments filed 14 May 2008 have been fully considered but they are not persuasive.

a. Claim Rejections under 35 U.S.C. 103 in view of Stupek

Applicant asserts the argument that the reliance upon Stupek is misplaced because the 
version number of the software "is an attribute of the software package" and not a file attribute. 
The Examiner respectfully disagrees. It is noted that it would have been obvious to one of 
ordinary skill in the art that an upgrade software package may come in the form of one
compressed file (e.g. a JAR or a ZIP file). It would have been further obvious that a version
number for said compressed file may be applied as a file attribute such that the version number 
of the compressed file may be gleaned accordingly. 

28. Applicant's arguments with respect to the newly added limitations of claims 1, 9, and 16 have 
been considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

29. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to PAUL KIM whose telephone number is (571)272-2737. The examiner can normally be 
reached on M-F, 9am - 5pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 
Tony Mahmoudi can be reached on (571) 272-4078. The fax phone number for the organization where 
this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be obtained from 
either Private PAIR or Public PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 
866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Paul Kim 
Examiner 
Art Unit 2161 

/pk/ 



/Tony Mahmoudi/ 